Assess Vendor Risk and Due Diligence

Discover how to assess vendor risk and complete due diligence using Sprinto’s scoring model and AI-powered analysis.

Sprinto enables you to assess each vendor’s risk profile through configurable risk scoring and guided due diligence workflows. These tools help you determine whether a vendor poses a compliance threat and ensure that appropriate controls are in place.

You can score vendor risk, perform due diligence manually or with Sprinto AI, and maintain audit-ready documentation for all high-risk vendors.


1. Score Vendor Risk

Each vendor is automatically assigned a risk score based on Sprinto’s predefined risk factors. You can customise this scoring logic under the Configuration tab.

Risk scoring factors include:

  • Type of data shared (e.g., cardholder data, credentials, customer PII)

  • Access to company systems (e.g., databases, production environments)

  • Operational impact (e.g., business-critical, internal tools)

Steps to score risk:

  1. Go to All vendors and click a vendor name.

  2. Open the Risk tab.

  3. For each risk factor, click Add value or Edit.

  4. Select appropriate responses from the dropdown.

  5. Click Save after completing all required fields.

  6. Choose to:

    • Use Sprinto’s auto-computed risk level, or

    • Override and define your own risk level

Vendors without a completed risk score appear under the "Unscored" status filter.
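The scoring model described above, as an added example that is not Sprinto's own code: a highest-severity-wins rule over the three factors, an optional reviewer override, and detection of vendors that would still show as "Unscored". The severity tables and the worst-factor rule are assumptions for illustration; Sprinto's real factors and weights live in its Configuration tab and are not reproduced here.

```python
from dataclasses import dataclass
from typing import List, Optional

# Severity (0-3) for each possible answer to a risk factor. These tables are
# assumed for illustration only and do not reproduce Sprinto's configuration.
DATA_SHARED = {"none": 0, "internal_docs": 1, "customer_pii": 3,
               "credentials": 3, "cardholder_data": 3}
SYSTEM_ACCESS = {"none": 0, "ticketing": 1, "staging": 2,
                 "databases": 3, "production": 3}
OPERATIONAL_IMPACT = {"non_critical": 0, "internal_tools": 1,
                      "business_critical": 3}
RISK_LEVELS = {0: "Low", 1: "Low", 2: "Medium", 3: "High"}


@dataclass
class Vendor:
    name: str
    data_shared: Optional[str] = None        # key into DATA_SHARED
    system_access: Optional[str] = None      # key into SYSTEM_ACCESS
    operational_impact: Optional[str] = None # key into OPERATIONAL_IMPACT
    override_level: Optional[str] = None     # reviewer-defined level, if any


def computed_level(v: Vendor) -> str:
    """Auto-computed level: the single worst factor decides (assumed rule).
    Returns "Unscored" while any factor is still missing."""
    answers = [(v.data_shared, DATA_SHARED), (v.system_access, SYSTEM_ACCESS),
               (v.operational_impact, OPERATIONAL_IMPACT)]
    if any(a is None for a, _ in answers):
        return "Unscored"
    return RISK_LEVELS[max(table[a] for a, table in answers)]


def effective_level(v: Vendor) -> str:
    """A manually defined level overrides the auto-computed one."""
    return v.override_level or computed_level(v)


def due_diligence_required(v: Vendor) -> bool:
    """Due diligence is mandatory only for High-risk vendors."""
    return effective_level(v) == "High"


def unscored(vendors: List[Vendor]) -> List[str]:
    """Vendor names that would appear under the 'Unscored' status filter."""
    return [v.name for v in vendors if computed_level(v) == "Unscored"]


# Constructed sample vendors for the demonstration.
SAMPLE = [
    Vendor("PayProc", "cardholder_data", "none", "non_critical"),
    Vendor("Wiki", "internal_docs", "none", "internal_tools", override_level="Medium"),
    Vendor("NewTool", "credentials"),  # remaining factors not yet filled in
]
```

Note that a vendor handling cardholder data scores High even when it is operationally non-critical, because the worst factor alone sets the level.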


2. Perform Due Diligence (Manual or AI-Powered)

Due diligence is mandatory for vendors classified as High risk. Sprinto supports both manual and AI-assisted methods.

A. Manual Due Diligence

Steps:

  1. Navigate to the vendor profile and open the Due diligence tab.

  2. Click Start Due Diligence.

  3. Upload relevant security documents (e.g., SOC 2 reports, ISO certificates).

  4. Add notes and findings.

  5. Click Complete Due Diligence to finish the process.

B. AI-Powered Due Diligence

Steps:

  1. Click Start Due Diligence.

  2. Upload supported documents (marked with the AI icon).

  3. Select Let Sprinto AI review vendor documents.

  4. Sprinto AI will auto-generate findings and suggested responses.

  5. Review and edit AI responses if needed.

  6. Click Save Findings, then Complete Due Diligence.

You can resume an incomplete due diligence session at any time.


3. Upload or Request Security Documents

You can upload security documents manually or request them directly from the vendor.

To upload manually:

  1. Go to the Vendor documents tab in the vendor profile.

  2. Click Upload documents.

  3. Choose a document type or add a custom label.

  4. Click Save.

To request from a vendor:

  1. Click Request documents in the same tab.

  2. Enter the vendor’s email address.

  3. Select required document types.

  4. Send the request.

Vendors receive a secure link to upload their files.
